Using Analytics to Prioritize Spending on Cybersecurity

Spending on cybersecurity is expected to rise this year as a growing number of organizations shift spending from defensive-minded approaches to detection and mitigation of cyberattacks and data breaches.

Nearly 70 percent of CIOs expect security spending to represent one of the top segments to gain share of overall IT spending as “security continues to take dollars from other categories,” according to survey of 101 CIOs conducted by UBS AG.

The Wall St. Journal reports that the perception among CIOs about security has changed over the last 12 to 18 months as corporate have witnessed the devastating effects of high profile breaches like those at Target Corp. “CIOs now need to start thinking about funding the two other aspects of security besides protection, such as detection and response,” according to the WSJ article.

The use of analytics can help corporate decision-makers better prioritize where to invest in cybersecurity tools to improve the organization’s ability to anticipate, detect, and mitigate cyber threats.

This includes the use of data discovery tools to identify operational areas that are deemed most prone to security breaches. Data discovery and analytics tools can also yield insights into the available or emerging technologies that are designed to anticipate or detect such breaches.

Of course, companies in different industries are prone to certain types of cyberattacks. For example, the U.S. electrical power grid is vulnerable to cyberattacks and physical attacks that could take out substations and cause significant damage or disruptions to customer service.

Operations leaders for utilities and other decision-makers can use analytics to more closely identify the points on a company’s power systems that are most vulnerable to physical or cyberattacks. They can then use these insights to identify the most effective technology safeguards to invest in, particularly those that are focused on detection and response.

Analytics can also be used by executives in different industries to determine the likely financial consequences of cyberattacks or data breaches. These insights can then be used to cost-justify investments in cybersecurity detection and protection technologies that offer the greatest maximum returns.